Lawrence General Hospital said Monday a recent federal government report of a data breach was misleading since it is a duplicate of a report from last year and relates to a third-party vendor.
In a statement to WHAV, Lawrence General Hospital spokesman Benjamin French said he expects the listing by U.S. Department of Health and Human Services, Office for Civil Rights, to be “correctly attributed to our business associate, Comstar, LLC on the HHS Website within the next week.” He wrote in an email, the matter was “resolved and closed.”
French referred to a statement made last June, that stated “This breach reported by Comstar applies to Comstar’s files and nothing on the LGH network has been compromised.” The statement explains Comstar is a “third-party ambulance billing company contracted by Lawrence General Hospital and other organizations nationwide to provide ambulance/paramedic billing services.”
The federal agency said protected patient health information of more than 75,000 individuals was breached.
–Original Story–
Lawrence General Hospital recently notified the federal government that the protected patient health information of more than 75,000 individuals was breached in February.
The U.S. Department of Health and Human Services, Office for Civil Rights, the federal agency charged with protecting the privacy and security of health information, revealed what it called a “Hacking/IT” breach of a network server used by the hospital.
The hospital has not yet responded to a WHAV request last Thursday for more information. Massachusetts Attorney General Andrea Joy Campbell’s office said it did not receive notification from the hospital. The office typically only receives notice if financial account, driver’s license or social security numbers are compromised.
According to Department of Health and Human Services, Lawrence General Hospital previously reported a 2020 hacking incident affecting 176,587 individuals and the “loss” of a “portable electronic device” in 2015, potentially impacting 2,071 individuals.